Journalists report Yahoo e-mail accounts hacked in China

New York, March 31,
2010—News reports that the
Yahoo e-mail accounts of reporters and others in China and Taiwan have been compromised
are a reminder that journalists must be vigilant when communicating over the
Internet, the Committee to Protect Journalists said today. CPJ called on
Internet companies to reassess their business practices in countries where
users’ communications cannot be adequately protected.

“Internet companies must seriously weigh the value of doing
business in countries that do not provide adequate safeguards.” said Bob Dietz, CPJ Asia program coordinator. “Companies
also must increase security for their users to allow them to operate in
environments where their information may be at risk.”

Access was interrupted to Yahoo e-mail accounts used by
journalists, academics, and human rights activists beginning on March 25,
according to international news reports. The reports cited Kathleen McLaughlin,
a Beijing-based freelance journalist and head of the media freedoms committee
for the Foreign Correspondents Club of China (FCCC).

The FCCC’s Web site, which reports
attacks on international correspondents operating nationwide in China, appears
to have been suspended today. The site, which was active Tuesday, showed a
“This Account Has Been Suspended” notice this afternoon. FCCC members could not
be immediately reached today for any information they might have on the Web
site’s status.

McLaughlin told CPJ and news outlets that Yahoo informed her
that her personal e-mail account had been improperly accessed. She said the
FCCC received reports that about 10 members’ accounts had been hacked. McLaughlin
was critical of Yahoo for not providing more information about the apparent hacking.
“Yahoo has information suggesting our data has been viewed by a stranger. They
won't tell us what that information is, how they found it, or who the unwelcome
stranger might be. I find this irresponsible, especially given that we deal in
sensitive information,” McLaughlin told CPJ.

Yahoo said in an e-mail statement that the company was “committed
to protecting user security and privacy and we take appropriate action in the
event of any kind of breach.” It did not provide details. Reuters said in
January that the company was aware its security was vulnerable but not
publicizing the information.

The California-based Yahoo operates in China through its
stake in the Chinese conglomerate Alibaba. In 2004, a Chinese court imprisoned
local journalist Shi Tao
based on information about his personal e-mail provided by Yahoo’s Hong Kong subsidiary. Shi is still serving the 10 year
sentence he was given for disseminating “state secrets” after the email’s
contents—a propaganda department directive—was retroactively classified,
according to CPJ research.

Google revealed in January
that cyber-attacks believed to originate in China had compromised Gmail
accounts belonging to journalists and human rights activists. The company stopped
complying with Chinese government censorship requirements on their Chinese
search engine, Google.cn, on March 22.

Many foreign journalists operate in China on the assumption that their
e-mail and telephone communications are vulnerable to attack, according to CPJ
research. “It’s a good reminder to reporters in China about protecting private
information and taking extra precautions with sensitive sources,” McLaughlin wrote.